
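Background:
To provide IP connectivity between the office internal network and the datacenter servers, a Linux IP GRE tunnel is used, so that the office can reach the datacenter servers directly through routed forwarding.
The system architecture is shown below:
Note: the public IPs in the topology are fictitious.
As shown, the office server and the datacenter server each have one internal IP and one public IP. The basic idea of a GRE tunnel is to pair the two servers' public IPs and build a tunnel, tunnel2, directly between them. tunnel2 behaves like a network interface on the server and carries data to the other end of the tunnel.
Here the tunnel is given a new IP range: 172.16.33.1/2 (the two endpoint addresses 172.16.33.1 and 172.16.33.2 used in the configuration below).
Actual configuration: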
218.188.152.11:
Enable IP forwarding and load the GRE kernel module:

    # echo 1 > /proc/sys/net/ipv4/ip_forward
    # modprobe ip_gre

Create the tunnel tunnel2 and add the virtual network segment 172.16.33.0/24:

    # ip tunnel add tunnel2 mode gre local 218.188.152.11 remote 144.22.1.176 ttl 255 dev eth1
    # ip addr add 172.16.33.2 dev tunnel2 peer 172.16.33.1/32
    # ip link set dev tunnel2 up

Add a route to the datacenter's internal network through the tunnel:

    # ip route add 10.65.3.0/24 dev tunnel2

144.22.1.176:
Enable IP forwarding and load the GRE kernel module:

    # echo 1 > /proc/sys/net/ipv4/ip_forward
    # modprobe ip_gre

Create the tunnel tunnel2 and add the virtual network segment 172.16.33.0/24:

    # ip tunnel add tunnel2 mode gre local 144.22.1.176 remote 218.188.152.11 ttl 255 dev em1
    # ip addr add 172.16.33.1 dev tunnel2 peer 172.16.33.2/32
    # ip link set dev tunnel2 up

Add a route to the office internal network through the tunnel:

    # ip route add 192.168.1.0/24 dev tunnel2

Check the routes:
218.188.152.11:
    # netstat -nr
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    172.16.33.1     0.0.0.0         255.255.255.255 UH        0 0          0 tunnel2
    192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
    10.65.3.0       0.0.0.0         255.255.255.0   U         0 0          0 tunnel2
    0.0.0.0         xx.xx.xx.xx     0.0.0.0         UG        0 0          0 eth0

The office server has two additional routes, 172.16.33.1 and 10.65.3.0/24; both go out through the GRE tunnel, which leads to the datacenter server.
144.22.1.176:
    # netstat -nr
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    172.16.33.2     0.0.0.0         255.255.255.255 UH        0 0          0 tunnel2
    192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 tunnel2
    10.65.3.0       0.0.0.0         255.255.255.0   U         0 0          0 em2
    0.0.0.0         xx.xx.xx.xx     0.0.0.0         UG        0 0          0 em1

The datacenter server has two additional routes, 172.16.33.2 and 192.168.1.0/24; both go out through the GRE tunnel to the server at the other end.
Test network connectivity:
218.188.152.11:
    # ping 172.16.33.2
    PING 172.16.33.2 (172.16.33.2) 56(84) bytes of data.
    64 bytes from 172.16.33.2: icmp_seq=1 ttl=64 time=0.048 ms
    64 bytes from 172.16.33.2: icmp_seq=2 ttl=64 time=0.059 ms

    --- 172.16.33.2 ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1021ms
    rtt min/avg/max/mdev = 0.048/0.053/0.059/0.009 ms

    # ping 10.65.3.194
    PING 10.65.3.194 (10.65.3.194) 56(84) bytes of data.
    64 bytes from 10.65.3.194: icmp_seq=1 ttl=64 time=7.96 ms
    64 bytes from 10.65.3.194: icmp_seq=2 ttl=64 time=7.63 ms

    --- 10.65.3.194 ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1100ms
    rtt min/avg/max/mdev = 7.638/7.799/7.960/0.161 ms

The office side can directly ping the datacenter server's GRE IP and its internal IP.
144.22.1.176:
    # ping 172.16.33.1
    PING 172.16.33.1 (172.16.33.1) 56(84) bytes of data.
    64 bytes from 172.16.33.1: icmp_seq=1 ttl=64 time=0.018 ms
    64 bytes from 172.16.33.1: icmp_seq=2 ttl=64 time=0.016 ms

    --- 172.16.33.1 ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1274ms
    rtt min/avg/max/mdev = 0.016/0.017/0.018/0.001 ms

    # ping 192.168.1.254
    PING 192.168.1.254 (192.168.1.254) 56(84) bytes of data.
    64 bytes from 192.168.1.254: icmp_seq=1 ttl=64 time=7.81 ms
    64 bytes from 192.168.1.254: icmp_seq=2 ttl=64 time=7.97 ms

    --- 192.168.1.254 ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1231ms
    rtt min/avg/max/mdev = 7.810/7.894/7.978/0.084 ms

Conversely, the datacenter server can directly ping the office server's GRE IP and its internal IP.
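
The two endpoint configurations above, folded into one parametrised script with firewall rules that restrict who may send GRE to the endpoint and what the tunnel may forward. This is an added example, not part of the original post. The iptables rules, the helper names `run` and `gre_endpoint`, and the `APPLY` switch are assumptions introduced here; the addresses and interface names are the page's.

```shell
#!/bin/sh
# Added example, not from the original post. Dry run by default: each command
# is printed. Set APPLY=1 and run as root to execute the commands instead.
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# gre_endpoint LOCAL_PUB REMOTE_PUB TUN_LOCAL TUN_PEER LOCAL_LAN REMOTE_LAN WAN_DEV LAN_DEV
gre_endpoint() {
    local_pub=$1; remote_pub=$2; tun_local=$3; tun_peer=$4
    local_lan=$5; remote_lan=$6; wan_dev=$7; lan_dev=$8
    tun=tunnel2

    # The page's steps (sysctl -w replaces the echo into /proc; same effect).
    run sysctl -w net.ipv4.ip_forward=1
    run modprobe ip_gre
    run ip tunnel add "$tun" mode gre local "$local_pub" remote "$remote_pub" ttl 255 dev "$wan_dev"
    run ip addr add "$tun_local" dev "$tun" peer "$tun_peer/32"
    run ip link set dev "$tun" up
    run ip route add "$remote_lan" dev "$tun"

    # Added hardening; assumes INPUT and FORWARD hold no earlier conflicting rules.
    # Accept GRE (IP protocol 47) on the public interface only from the tunnel peer.
    run iptables -A INPUT -i "$wan_dev" -p 47 -s "$remote_pub" -d "$local_pub" -j ACCEPT
    run iptables -A INPUT -i "$wan_dev" -p 47 -j DROP
    # ip_forward=1 routes between all interfaces: let the tunnel reach only the
    # local LAN, and let only the local LAN send into the tunnel.
    run iptables -A FORWARD -i "$tun" -o "$lan_dev" -d "$local_lan" -j ACCEPT
    run iptables -A FORWARD -i "$lan_dev" -o "$tun" -s "$local_lan" -j ACCEPT
    run iptables -A FORWARD -i "$tun" -j DROP
    run iptables -A FORWARD -o "$tun" -j DROP
}

# Dry run for the datacenter end, using the page's addresses and interfaces.
gre_endpoint 144.22.1.176 218.188.152.11 172.16.33.1 172.16.33.2 \
    10.65.3.0/24 192.168.1.0/24 em1 em2
```

GRE itself carries no encryption or authentication, so the source filter only narrows who can reach the endpoint; traffic that needs confidentiality or integrity still needs IPsec or another encrypted transport over or instead of the tunnel.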
Sharing is welcome; when reposting, please credit the source: 内存溢出